WASHINGTON - Researchers uncovered a serious flaw in the underlying technology for nearly all Internet traffic, a discovery that led to an urgent and secretive international effort to prevent global disruptions of Web surfing, e-mails and instant messages.

The British government announced the vulnerability in core Internet technology on Tuesday. Left unaddressed, experts said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.

"Exploitation of this vulnerability could have affected the glue that holds the Internet together," said Roger Cumming, director for England's National Infrastructure Security Coordination Centre.

The Homeland Security Department issued its own cyberalert hours later that attacks "could affect a large segment of the Internet community." It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique.

The risk was similar to Internet users "running naked through the jungle, which didn't matter until somebody released some tigers," said Paul Vixie of the Internet Systems Consortium Inc.

"It's a significant risk," Vixie said. "The larger Internet providers are jumping on this big time. It's really important this just gets fixed before the bad guys start exploiting it for fun and recognition."

The flaw affecting the Internet's "transmission control protocol," or TCP, was discovered late last year by a computer researcher in Milwaukee. Paul Watson said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.

Experts previously said such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly 4 billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.

Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a standby mode, known as "dampening," that can persist for hours.

Cisco Systems Inc., which acknowledged its popular routers were among those vulnerable, distributed software repairs and tips to otherwise protect large corporate customers. There were few steps for home users to take; Microsoft Corp. said it did not believe Windows users were too vulnerable and made no immediate plans to update its software.

Using Watson's technique to attack a computer running Windows "would not be something that would be easy to do," said Steve Lipner, Microsoft's director for security engineering strategy.

Already in recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have fortified their own vulnerable systems because of early warnings communicated by some security organizations. The White House has expressed concerns especially about risks to crucial Internet routers because attacks against them could profoundly disrupt online traffic.

"Any flaw to a fundamental protocol would raise significant concern and require significant attention by the folks who run the major infrastructures of the Internet," said Amit Yoran, the government's cybersecurity chief. The flaw has dominated discussions since last week among experts in security circles.

The public announcement coincides with a presentation Watson expects to make Thursday at an Internet security conference in Vancouver, British Columbia, where Watson said he would disclose full details of his research.

Watson predicted that hackers would understand how to begin launching attacks "within five minutes of walking out of that meeting."

That was when the blaster worm hit - last Feb, I think. I was online right when it started and it was weird. Every minute more and more sites were down. My web host (not the one I have now) was offline for two weeks.

A flaw in the most popular communications protocol for sending data on the Net could let attackers shut down connections between servers and routers, according to an advisory released Tuesday by Britain's national emergency response team.

TCP--the Transmission Control Protocol--contains a flaw that "varies by vendor and application, but in some deployment scenarios...is rated critical," said the advisory, published by the United Kingdom's National Infrastructure Security Co-ordination Centre. Networking-hardware maker Juniper Networks has determined that its products are vulnerable. Cisco Systems, Hitachi, NEC, and others are studying the issue, according to the advisory.
The vulnerability allows for what's known as a reset attack. Many network appliances and software programs rely on a continuous stream of data from a single source--called a session--and prematurely ending the session can cause a wide variety of problems for devices. Security researcher Paul Watson discovered a method that makes disrupting the data flow far easier than previously thought.

The center's advisory is based on security research that Watson plans to present at the CanSecWest 2004 conference this week and apparently had been released a day early by the NISCC, according to the conference organizer. Watson, who runs a prohacking blog at Terrorist.net, could not be reached for comment.

The issue of TCP-related reset attacks has surfaced before--discussions of the flaw on a mailing list for large-network operators dismissed the issue as old news--but they've previously been thought to require the attacker to guess the identifier of the next data packet in a session. The odds on that are about one in 4.3 billion. The NISCC advisory argues that Watson's research shows that any number in a certain window of values will work, making it much more likely that such an attack could succeed.

The effect of resetting a connection varies depending on the application and how resistant the network software is to disruption, the advisory said.

Under certain circumstances, an attack could significantly disrupt the network used by the basic devices of the Internet, known as routers, to map the most efficient data path from one server to another. Known as the Border Gateway Protocol, or BGP, the method of passing routing information relies on long-lived sessions, and disturbing those connections could cause "medium-term unavailability," the advisory said.

The flaw could also affect the way special Internet servers, known as name servers, provide the numerical Internet address for a certain domain name, such as cnet.com. Attacks could also be used to disrupt e-commerce, by resetting the secure channels between a browser and a merchant's site.
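The "window of values" point in the article above, shown from the receiving side as an added example (not part of the original post or the NISCC advisory). It compares the original TCP reset check with the stricter check later standardized in RFC 5961, which the article does not name; the function names and window sizes are constructed for illustration.

```python
"""Added illustration: receiver-side RST validation, legacy vs. hardened."""

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit ("about 4.3 billion")


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq falls in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def legacy_rst(seq, rcv_nxt, rcv_wnd):
    """Original TCP rule (RFC 793): any in-window RST tears the session down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def hardened_rst(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 rule: only an exact match resets; other in-window RSTs
    trigger a challenge ACK so the genuine peer can confirm or refute."""
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def worst_case_guesses(rcv_wnd, exact_match_required):
    """Blind guesses needed before one must be accepted (addresses/ports known)."""
    accepted_values = 1 if exact_match_required else rcv_wnd
    return -(-SEQ_SPACE // accepted_values)  # ceiling division


def audit(rcv_wnd):
    """Summarise the exposure of one long-lived session for a given window."""
    return {
        "window": rcv_wnd,
        "legacy_guesses": worst_case_guesses(rcv_wnd, False),
        "hardened_guesses": worst_case_guesses(rcv_wnd, True),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    rcv_nxt = 4_294_967_000  # deliberately close to sequence wrap-around
    for wnd in (16_384, 65_535):
        print(audit(wnd))
    print(legacy_rst(100, rcv_nxt, 16_384), hardened_rst(100, rcv_nxt, 16_384))
```

The larger the advertised window, the fewer values a legacy receiver has to reject, which is why long-lived sessions with large windows, such as BGP, were the main concern.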

I read that article too and thought to myself, has there ever been a day since the creation of the internet that it ran without flaws? They seem to have a good jump on this one and are fixing the loopholes before they become a problem.

"Widespread reports about a flawed communications protocol making the Internet vulnerable to collapse were overblown, according to the researcher credited with uncovering the security problem."
A flaw in the most widely used protocol for sending data over the Net--TCP, or the Transmission Control Protocol--was addressed by most large Internet service providers during the last two weeks and presents little danger to major networks, said Paul Watson, a security specialist for industry automation company Rockwell Automation. If left unfixed, the weakness could have allowed a knowledgeable attacker to shut down connections between certain hardware devices that route data over the Net.

"The actual threat to the Internet is really small right now," Watson said on Wednesday. "You could have isolated attacks against small networks, but they would most likely be able to recover quickly."